After almost losing a six-figure sum in a cyber security incident, a Sunshine Coast based property development company approached Ravinn for help.
In a classic Business Email Compromise, a cyber threat posed as a director of the property development company and sent a legitimate looking invoice for payment to the financial team….fortunately due to the vigilance of a member of the financial team, the fraudulent invoice was identified and intercepted just before the payment was made and funds subsequently lost.
Having quickly identified that this could easily happen again, and they were completely unprepared, they decided to take action to protect themselves from future threats.
Ravinn were able to provide a quick and effective response plan; ensuring that the firm’s standard transactions process was immediately reviewed and updated and immediate actions to protect the organisation from the majority of cyber threats were implemented.
Following this, Ravinn conducted a full Cyber Resilience Audit of the organisation, including a holistic analysis of information security, physical security and employee security. Following the audit and analysis Ravinn delivered;
- Cyber Threat Report – a detailed report focused on the specific threats to the organisation and their industry and highlighting what they really needed to understand about cyber-attacks and how they may be vulnerable to them.
- Cyber Audit Findings and Recommendations – an in-depth view of the findings of the organisation’s security with clear explanations of their current state of cyber maturity and the state of cyber maturity they should be aiming to achieve…. and all in clear English so that it could be shared and understood across the organisation.
- Resilience Action Plan – not wanting to leave them to try and work out how to achieve the recommendations, Ravinn delivered a detailed action plan of what steps to take to achieve cyber resilience starting with those actions they needed to take immediately (with guidance on how to do so) and then the actions, be they new processes or technical controls, to implement over time in their journey towards achieving and maintaining the appropriate level of cyber maturity.
Having narrowly avoided what would have been an extremely damaging cyber-attack, the property development company now have a strong understanding of the cyber threat relevant to them and the appropriate measures in place to mitigate those threats and continue to thrive.
So What? Why are Property Developers such a tempting target?
1. Along with builders, lawyers and real estate organisations, they deal in regular, fairly large financial transactions. So it's worth the effort of an attacker to spend some time trying to hi-jack these transactions.
2. Typically such organisations don't have their own security specialists, so defences are not all that good. So they are seen as an easy target.
3. Plenty of similar organisations think the solution is through software subscriptions or anti-virus software. It isn't. So there's a false sense of security that attackers exploit.
The majority of likely threats and vulnerabilities can be mitigated by taking some simple, low cost actions (most of these are not technical!). A good balance of understanding the specific threat to you, some effective processes, correct configuration of your IT and information environment and preparation of your people to spot the dangers, is the combination required to protect your organisation from a threat that is simply not going to go away.